From a51c147555cf55ac9ac8141ebf5dcba00cb1d1b1 Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 4 Jun 2021 15:38:06 +0300 Subject: [PATCH 1/2] Fix ReCaptcha validation https://github.com/unosquare/passcore/issues/602 --- src/Unosquare.PassCore.Web/Controllers/PasswordController.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Unosquare.PassCore.Web/Controllers/PasswordController.cs b/src/Unosquare.PassCore.Web/Controllers/PasswordController.cs index 91dd1e47..4413e7c4 100644 --- a/src/Unosquare.PassCore.Web/Controllers/PasswordController.cs +++ b/src/Unosquare.PassCore.Web/Controllers/PasswordController.cs @@ -142,7 +142,7 @@ private async Task ValidateRecaptcha(string? recaptchaResponse) // skip validation if we don't enable recaptcha if ((_options.Recaptcha != null) && string.IsNullOrWhiteSpace(_options.Recaptcha.PrivateKey)) return true; - else if ((_options.Recaptcha != null) && (string.IsNullOrEmpty(recaptchaResponse) != false)) + else if ((_options.Recaptcha != null) && (string.IsNullOrEmpty(recaptchaResponse) != true)) { var requestUrl = new Uri( $"https://www.google.com/recaptcha/api/siteverify?secret={_options.Recaptcha.PrivateKey}&response={recaptchaResponse}"); From 821e1ad16a539dc7aed4bc508c60e7faf37a7ac9 Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 4 Jun 2021 15:49:50 +0300 Subject: [PATCH 2/2] Fix AllowedADGroups check --- .../PasswordChangeProvider.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Unosquare.PassCore.PasswordProvider/PasswordChangeProvider.cs b/src/Unosquare.PassCore.PasswordProvider/PasswordChangeProvider.cs index a16564c2..cf49394e 100644 --- a/src/Unosquare.PassCore.PasswordProvider/PasswordChangeProvider.cs +++ b/src/Unosquare.PassCore.PasswordProvider/PasswordChangeProvider.cs @@ -179,7 +179,7 @@ private string FixUsernameWithDomain(string username) "The User principal is listed as restricted"); } - return groups?.Any(x => _options.AllowedADGroups?.Contains(x.Name) == true) == true + return groups?.Any(x => _options.AllowedADGroups?.Contains(x.Name) != false) == true ? null : new ApiErrorItem(ApiErrorCode.ChangeNotPermitted, "The User principal is not listed as allowed"); }